CVE-2023-25754: Make permissions for FileTaskHandler group-writeable and configurable by potiuk · Pull Request #29506 · apache/airflow

Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.6.0.


Conversation

File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. This change exposes a mechanism to better control the extent of permissions granted depending on individual preferences of the users. Default permissions are set to “group-writeable” allowing for the impersonation use case, but it can be more relaxed or more limited by configuration.

potiuk marked this pull request as ready for review

February 13, 2023 14:44

potiuk deleted the change-permissions-of-logs branch

February 13, 2023 16:15

sirVir pushed a commit to sirVir/airflow that referenced this pull request

Mar 14, 2023

…apache#29506)

File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. This change exposes a mechanism to better control the extent of permissions granted depending on individual preferences of the users. Default permissions are set to “group-writeable” allowing for the impersonation use case, but it can be more relaxed or more limited by configuration.
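As an added example (not code from the Airflow project or from this pull request), the script below audits a task-log directory for files and folders whose permission bits exceed a chosen ceiling, which is the check an operator would run after tightening or relaxing the configured modes. The 0o664/0o775 ceilings, the function names and the sample tree are assumptions made for illustration.

```python
import os
import stat
import tempfile

# Assumed ceilings for a "group-writeable" policy; set them to your configured modes.
MAX_FILE_MODE = 0o664
MAX_DIR_MODE = 0o775


def excess_bits(mode, ceiling):
    """Return the permission bits set in mode that the ceiling does not allow."""
    return stat.S_IMODE(mode) & ~ceiling


def audit_log_tree(root, max_file_mode=MAX_FILE_MODE, max_dir_mode=MAX_DIR_MODE):
    """Walk root and return sorted (relative_path, mode, excess) findings."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: never follow a symlink out of the tree
            if stat.S_ISLNK(st.st_mode):
                continue  # a link's own mode bits are not meaningful
            ceiling = max_dir_mode if stat.S_ISDIR(st.st_mode) else max_file_mode
            extra = excess_bits(st.st_mode, ceiling)
            if extra:
                rel = os.path.relpath(path, root)
                findings.append((rel, stat.S_IMODE(st.st_mode), extra))
    return sorted(findings)


def build_sample_tree(root):
    """Constructed sample: dag_a is within the ceilings, dag_b is world-writable."""
    for name, dir_mode, file_mode in (("dag_a", 0o775, 0o664), ("dag_b", 0o777, 0o666)):
        folder = os.path.join(root, name)
        os.mkdir(folder)
        os.chmod(folder, dir_mode)  # chmod is not affected by the process umask
        log = os.path.join(folder, "attempt=1.log")
        with open(log, "w") as fh:
            fh.write("constructed log line\n")
        os.chmod(log, file_mode)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, mode, extra in audit_log_tree(tmp):
            print(f"{rel}: mode {mode:04o}, excess bits {extra:04o}")
```

Passing stricter ceilings (for example 0o644 and 0o755) makes the same walk report group-writeable entries as well, which is useful on deployments that do not use impersonation.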

Related news

GHSA-jchm-fm4q-c2fp: Apache Airflow vulnerable to Privilege Context Switching Error

Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.6.0.
